Surprise, surprise! Imagine my delight when shopping Theme Forest to see themes moderately priced! The themes there are very high quality, too. I’ve been generally dissatisfied with the “free” themes out there recently. Many are junk, many require Page Rank-sucking footer links, and others have small annoying quirks that bug me (like the sidebar loading first, before content– that’s awful!!). But Theme Forest has a nice selection, and the creators there seem to offer some support.
Going up on the scale is also WooThemes– $70 a theme, yikes! But they are promoting a “buy one, get one free” which is a little easier on the pocketbook. Brian Gardner’s themes are still expensive– $60 or more a pop. And then there’s the Thesis theme, which looks great, but at $87 is just too pricey.
I’m open to any suggestions on good themes, free or premium. I’ve grown weary of my themes and am looking for a change. Leave a comment if you have a suggestion!
In case you haven’t heard, there’s a virulent worm spreading and hacking Wordpress blogs that have not been updated to the latest version, 2.8.4. Wordpress founder Matt Mullenweg advises everyone to update their Wordpress blogs:
Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.
The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.
I’m talking about this not to scare you, but to highlight that this is something that has happened before, and that will more than likely happen again.
Hacking blogs and worms are not new to bloggers, whether you have Blogger or Wordpress, but I certainly didn’t like to read Mullenweg’s “this is something that has happened before, and that will more than likely happen again.” :yikes:
The only thing Mullenweg has to say about future hacking is:
There is only one real solution. The only thing that I can promise will keep your blog secure today and in the future is upgrading.
I admit, I sometimes wonder if hack attacks are built by certain people who use such attacks to get everyone to upgrade. This particular worm is relatively harmless, and easily detectable. I’ve heard of horrible hacker attacks, where entire blogs are wiped out or are used as vehicles to spew p*rn and other filth. This worm seems quite tame, and leaves behind broken links, which is easily detectable. Did someone create this worm simply to scare Wordpress users into forcing them to update their blogs? I’m not saying I believe this is so, just that there is that possibility. Maybe there’s more to this worm than is being publicized… But if that’s all the worm does, what else could be the motive?
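Because the worm described above hides its account from the users page with JavaScript, the database itself is the place to look for it. The following is an added example, not code from WordPress or from this blog: it checks the three traces the quote names (a tampered permalink structure, an unfamiliar administrator, hidden links in posts) over rows you have fetched from `wp_options`, `wp_users`, `wp_usermeta` and `wp_posts`. The function names, the default `wp_` table prefix and the sample rows are assumptions made for illustration.

```python
import re

# A sane permalink structure is only literal path segments and %tag% placeholders.
_PERMALINK_OK = re.compile(r"^(/(%[a-z_]+%|[A-Za-z0-9._-]+))*/?$")
# Heuristic: an element hidden by inline style, followed by a link.
_HIDDEN_LINK = re.compile(
    r"<\w+[^>]*style\s*=\s*[\"'][^\"']*(?:display\s*:\s*none|visibility\s*:\s*hidden)"
    r"[^\"']*[\"'][^>]*>.*?<a\s[^>]*href", re.I | re.S)

# Constructed sample rows (not taken from a real site).
USERS = [(1, "admin"), (2, "alice"), (37, "user8f2k")]
USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    (37, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]
POSTS = [
    (10, "<p>Normal post with a <a href='http://example.com/'>link</a>.</p>"),
    (11, "<p>Old post.</p><div style=\"display:none\">"
         "<a href='http://spam.example/'>x</a></div>"),
]

def permalink_is_suspicious(structure):
    """structure: wp_options.option_value where option_name = 'permalink_structure'."""
    return not _PERMALINK_OK.match(structure)

def unexpected_admins(users, usermeta, known_admins):
    """users: (ID, user_login); usermeta: (user_id, meta_key, meta_value) rows."""
    logins = dict(users)
    found = set()
    for user_id, key, value in usermeta:
        # Roles are stored as a serialized PHP array under <prefix>capabilities.
        if key.endswith("capabilities") and '"administrator"' in value:
            found.add(logins.get(user_id, "<orphan id %d>" % user_id))
    return sorted(found - set(known_admins))

def posts_with_hidden_links(posts):
    """posts: (ID, post_content) rows; returns the IDs that hide a link."""
    return [pid for pid, content in posts if _HIDDEN_LINK.search(content)]

if __name__ == "__main__":
    print(permalink_is_suspicious("/%year%/%monthnum%/%postname%/"))
    print(unexpected_admins(USERS, USERMETA, known_admins=["admin"]))
    print(posts_with_hidden_links(POSTS))
```

A hit from any of the three checks is a reason to look closer, not proof of compromise; some themes and plugins legitimately hide markup.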
I knew it was bound to happen… I just didn’t think it would happen a week after the previous update!! Wow, lol. Well, I am thankful that the Wordpress Dudes (as I affectionately call them) are on their toes with security issues.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.
So I guess I know what I will be doing this afternoon. :-p
Wordpress has now made it so easy to update, I thank them for that. In a nutshell, here’s how to do it:
First thing: BACK UP YOUR BLOG.
I do database backups just about every week (log into my web host’s cPanel and use their Backup Wizard). I also then use the “Export” feature in the Wordpress Dashboard. This saves all posts and comments in an XML file. It just saves the information, not your blog’s theme nor photos nor other dynamic content. I made a quick video tutorial about How to Export Your Blog in an XML File. It’s an “on the safe side” kind of backup tool.
Update and then disable plugins.
I used to disable all my plugins before doing any upgrade. Plugins are third-party software, and therefore may conflict with each other during the upgrade. However, for the past three recent upgrades, I have attempted leaving my plugins enabled, and I have had no problems. I do, however, ALWAYS upgrade my plugins before attempting my Wordpress upgrade.
Click the Wordpress “Please update now” link at the top of your Admin page.
This notification shows up on all your Wordpress admin pages. I usually go to my Dashboard and proceed from there. The link will take you to a page within your admin site that gives a few scanty details; click the link there.
Go slowly, read everything, don’t be in a hurry to click the links.
I take my time whenever I upgrade. I make sure the kids are preoccupied, I am *relatively* clear-headed, and not in a hurry. I’ve had problems when I have been too click-happy. Depending on the speed of your web host’s server transactions, it may take a few more seconds to complete. Don’t rush anything!
If something happens, call your web host.
I have Hostgator as my web host (see the button to their website in my sidebar) and I have been thrilled with their service and support. I recommend them more than any other host (and believe me, I’ve had a lot of hosts). If your blog has problems, give them a call. You will have a database backup that you can fall back on (you DID make that backup, right??!), and they can reinstate the older version, and help you upgrade to the newer one. But I have never had any problem whatsoever with the new Wordpress upgrade feature– it’s run AMAZINGLY smoothly.
As much as I would just love to keep this to myself (I like to have these things for my own resource), I HAVE GOT to tell you of a stunning collection of Wordpress themes. I am awed. I am definitely going to use one of these– the problem is, which one! The site is TemplateLite.com. Simply stunning!
Wordpress themes are becoming more and more graphic and very complex. I try to avoid the overly complicated themes, but if a theme has graphics that serve a practical use, I really like it. I’m so impressed with the new themes at TemplateLite.com. This is not a paid sponsorship, either! I just happened upon the website and was really blown away by the stuff. If you like color and style, you’ll like the themes!
Wordpress 2.7 is great– so many new functionalities! BUT please– why oh why did they not revise the “revision” capability?! Wordpress’ existing Revision feature is like an auto-save feature– it will automatically save your posts as you write them, so that should your computer or software crash, you have a current copy of what you’re writing. It’s a very nice feature, except for these reasons:
It saves every minute or so, making a new copy (not over-writing the old copy).
It creates a huge post database which makes your blog work harder to load your posts.
It has no delete capability, so these revisions sit in your database, unused.
Yeah yeah, there are ways to tinker with your wp-config.php file and disable the revision feature. But the ability to delete and/or disable and/or control the revision feature SHOULD BE built-in. It’s ridiculous not to have it!
So, anyway, I’ve found a very good plugin for revision control, called, not surprisingly, Revision Control. I’ve tried it on all my blogs, and it works perfectly. I have mine set to auto-save only TWO posts (you can choose to save more). It also gives you the ability to disable revisions completely, and to delete existing revisions. Kind of like virtual wrinkle creams for all the excess baggage you want to smooth out of your databases! (How’s that for fitting it in, huh?) :-p
My only complaint with Revision Control would be that I wish it had a checklist where I could tick off radio buttons and delete the revisions all at once. As it is now, I have to click “Delete” for each revision that exists, which is tedious, because a lot of my old posts have a dozen or more revisions sitting in my database! But that’s a small complaint.
Check out the plugin, it works well for all my 2.7 blogs (and I hear it is compatible with 2.6 WP blogs as well).